Method and system to protect software-based network-connected devices from advanced persistent threat

ABSTRACT

A method of protecting a network-connected device from an advanced persistent threat cyber-attack is provided. A network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, is protected from an advanced persistent threat by steps of detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device and locking-down the communications of the network-connected device. The network-connected device may be provided with low-level routines that are correlated to the memory instructions. Detecting the advanced persistent threat may be comprised of authenticating the memory instructions of the network-connected device by using the installed low-level routines.

FIELD OF THE INVENTION

The present invention relates to the protection of network-connected devices from cyber attacks.

BACKGROUND

Generally speaking, a new form of highly targeted cyber attack known as an Advanced Persistent Threat (APT) has emerged as a way to obtain sensitive data and login credentials from any number of companies. Devices that contain software such as bar code scanners, payment terminals, and mobile computers are used to streamline operations for companies. These devices are commonly connected to Point of Sale and Enterprise Resource Planning systems. These devices have recently been targeted to be used as an entry point to a larger system that may contain sensitive data.

In an APT attack, malware or contaminated firmware is loaded onto the network-connected device. The initial attack can be done even before the device is shipped from the factory. Once the device is connected to a network, for example a bar code scanning device in a retail chain, the APT can access the larger retail network and obtain credit card numbers and any other data on the network.

Therefore, a need exists for a method and system to protect networks from APT attacks which are spawned through network-connected devices contaminated with malware.

SUMMARY

Accordingly, in one aspect, the present invention embraces a method and a system for protecting a network-connected device from an advanced persistent threat cyber-attack.

In an exemplary embodiment, a method of protecting a network-connected device from an advanced persistent threat (APT) cyber-attack is provided. In general, the network-connected device has an operating system, a memory, memory instructions which hold executable program instructions, and is communication enabled. The method of protecting such a network-connected device from an APT is comprised of the steps: detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device; and locking-down the communications of the network-connected device.

In another exemplary embodiment of the method of protecting such a network-connected device from an APT, the network-connected device is provided with routines installed at a low level of the network-connected device. The routines are correlated to the memory instructions. The detecting step of the method comprises authenticating the executable program instructions of the network-connected device using the installed routines.

In yet another exemplary embodiment of the method, the routines are computing checksum blocks routines. The authenticating step in the method is comprised of: generating checksums for the memory instructions before the network-connected device is deployed for the first time, and comparing the checksum block routines to the generated checksums for the memory instructions.

In yet a further exemplary embodiment of the method, the generating step is accomplished when the memory instructions are loaded into the memory or alternatively, the generating step is accomplished when the memory instructions are loaded into the memory prior to executing the instructions for the first time.

In yet another exemplary embodiment of the method, the low level of the network-connected device where the routines are installed is part of the operating system.

In a further exemplary embodiment of the method, the locking-down step is initiated if the checksums for the memory instructions are not authenticated by the checksum block routines in the comparing step.

In yet a further exemplary embodiment, the method comprises, installing the checksum block routines when the operating system is installed. Alternatively, the installing step is performed before the network-connected device is deployed for the first time.

In another exemplary embodiment of the method, the authenticating step comprises: looking for unauthorized instructions in the executable program instructions.

In another exemplary embodiment of the method, looking for unauthorized instructions in the executable program instructions is conducted before the executable program instructions in the memory instructions are executed in the network-connected device for the first time. Additionally, the looking step is conducted periodically.

In another exemplary embodiment, the method further comprises: protecting the checksum block routines from unauthorized changes.

In a further exemplary embodiment of the method, the protecting step is accomplished by a public key and private key cryptography.

Alternatively, in another embodiment, the protecting step is accomplished by a two-factor authentication. The two-factor authentication requires that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions or the checksums can be made.

In a further exemplary embodiment, the locking-down step is initiated if unauthenticated instructions in the memory instructions are found in the looking step.

In yet another exemplary embodiment, the comparing step is conducted before memory instructions are run in the network-connected device for the first time.

In yet a further exemplary embodiment the comparing step is conducted periodically.

In another exemplary embodiment of the method, the locking-down step includes allowing connections to the network-connected device that are hard-wired to the network-connected device.

In yet another exemplary embodiment, the method further comprises: performing diagnostics while the network-connected device is locked down, whereby details about the advanced persistent threat are identified.

In a further exemplary embodiment, the method further comprises: updating the memory instructions to restore the network-connected device to a pre-advanced persistent threat cyber-attack state.

In another exemplary embodiment, the method further comprises: issuing an alert by the network-connected device to indicate an advanced persistent threat has been detected.

In a further exemplary embodiment, the issuing step is accomplished prior to the locking down step.

In yet a further exemplary embodiment, the issuing step is accomplished by a visual indicator on the network-connected device.

Alternatively, or in addition, in yet another embodiment, the issuing step is accomplished by an audio indicator on the network-connected device.

In another aspect, the present invention embraces a system for protecting a network-connected device from an advanced persistent threat cyber-attack. In the foregoing aspect of the present invention, the network-connected device is wireless communication enabled and is provided with an operating system, a central processing unit, a memory, and executable program instructions loaded into the memory. The operating system, central processing unit, memory, and executable program instructions are communicatively linked.

In an exemplary embodiment, the system comprises: routines installed in a low-level of the network-connected device, the routines being correlated to the executable program instructions before the network-connected device is deployed for the first time. The central processing unit is configured to allow the routines to authenticate the executable program instructions before the central processing unit executes the program instructions. The routines are configured to lock-down communications between the network-connected device and other devices if the routine finds instructions in the memory which do not correlate to the executable program instructions in the memory.

In another exemplary embodiment, the system further comprises checksums generated for the executable programs in the memory, and the routines are computing checksum block routines. The checksum block routines are configured to authenticate the checksums in the executable programs.

In another exemplary embodiment, the central processing unit is configured to allow the routines to authenticate all the executable program instructions in the memory before the central processing unit executes the program instructions.

In yet another exemplary embodiment, the system further comprises a security scheme to protect the checksum block routines.

In a further exemplary embodiment, the security scheme is a public key and private key cryptography.

In yet a further exemplary embodiment, the security scheme is a two-factor scheme. The two-factor authentication requires that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions or the checksums can be made.

In another exemplary embodiment, the system further comprises diagnostic routines configured to run on the network-connected device when in communications lock-down. The diagnostic routines are configured to identify details of the advanced persistent threat cyber-attack.

In yet another exemplary embodiment, the system further comprises updating routines configured to run on the network-connected device when in communications lock-down. The updating routines are configured to update the executable program instructions to a pre-advanced persistent threat cyber-attack state.

In a further exemplary embodiment, the system comprises an alert indicator. The alert indicator is communicatively linked to the routines and is initialized when the routines lock-down the network-connected device. The alert indicator may be an audio alarm or a visual indicator.

The foregoing illustrative summary, as well as other exemplary objectives and/or advantages of the invention, and the manner in which the same are accomplished, are further explained within the following detailed description and its accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 schematically depicts the system for protecting a network-connected device from an advanced persistent threat attack.

FIG. 2 schematically depicts a process for protecting a network-connected device from an advanced persistent threat attack.

FIG. 3 schematically depicts one embodiment of the authenticating portion of the process for protecting a network-connected device from an advanced persistent threat.

FIG. 4 schematically depicts another embodiment of the authenticating portion of the process for protecting a network-connected device from an advanced persistent threat.

DETAILED DESCRIPTION

The present invention embraces a system and a method of protecting a network-connected device from an advanced persistent threat attack.

In an exemplary embodiment, illustrated in FIG. 1, a system (5) within and for the protection of a network-connected device (6) from an APT is provided. The network-connected device (6) has a central processing unit (CPU) (7), an operating system (8), and a memory (9). The memory has executable program instructions (10). The network-connected device (6) is also wireless communication enabled (15), and is provided with a system bus (18) which allows communication between the other components. The network-connected device (6) may also be provided with hard-wired connections (19) to other devices. The system (5) is comprised of routines (12), which are installed in a low-level of the network-connected device (6). The routines (12) are correlated to the executable program instructions (10) before the network-connected device (6) is deployed for the first time. The central processing unit (7) is configured to allow the routines (12) to authenticate the executable program instructions (10) before the central processing unit (7) executes the program instructions (10). The routines (12) are configured to lock-down communications between the network-connected device (6) and other devices if the routines (12) find instructions in the memory (9) which do not correlate to the executable program instructions (10) in the memory (9). The routines (12) operating at a low level means that the CPU (7) will not execute program instructions (10) without the memory (9) being authenticated. A typical operating system (8) is aware when program instructions (10) are loaded for the first time. The operating system (8) could trigger the low-level routines (12). Those routines (12) may be packaged and shipped as part of the operating system (8) itself or alternatively could be authored and loaded onto the network-connected device (6) and communicatively linked to the operating system (8).

In another exemplary embodiment, the system (5) is further comprised of checksums (11) generated for the executable programs (10) in the memory (9). The routines (12) are computing checksum block routines (12). The checksum block routines (12) are configured to authenticate the checksums (11) in the executable program instructions (10).

In yet a further exemplary embodiment of the invention, the central processing unit (7) is configured to allow the routines (12) to authenticate all the executable program instructions (10) in the memory (9) before the central processing unit (7) executes the program instructions (10).

In another exemplary embodiment of the invention, the system (5) further comprises a security scheme or system (16) to protect the checksum block routines (12) from tampering. The security scheme (16) may be a public key/private key cryptography. In such a security system (16), changes to the checksum block routines (12) could only be accomplished if the authors of the APT had access to both keys. The public and private key pair comprises two uniquely related cryptographic keys. The key pair is mathematically related. Whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.

In yet another exemplary embodiment, the security scheme or system (16) comprises a two-factor authentication scheme. The two-factor authentication requires that a notification be sent to the party responsible for the network-connected device (6) before any changes are made in the memory (9) executable program instructions (10) or in the checksums (11).

In a further exemplary embodiment of the invention, the system (5) further comprises diagnostic routines (13). The diagnostic routines (13) are configured to run on the network-connected device (6) when the network-connected device (6) is in communications lock-down. The diagnostic routines (13) are configured to identify details of the advanced persistent threat.

In still a further exemplary embodiment of the present invention, the system (5) comprises updating routines (14). The updating routines (14) are configured to update the executable program instructions (10) in the memory (9) to a pre-advanced persistent threat attack state.

In yet another exemplary embodiment, the system (5) further comprises an alert indicator (17). The alert indicator (17) is communicatively linked via the system bus (18) to the routines (12). The alert indicator (17) is initialized by a command from the routines (12) when the routines (12) lock-down the network-connected device (6). The alert indicator (17) may be an audio alarm or a visual indicator, such as a blinking LED on the network-connected device (6).

In another aspect, the present invention embraces a method of protecting a network-connected device from an advanced persistent threat attack. In the foregoing embodiments, the network-connected device is generally as described in FIG. 1 above. That is, the network-connected device is wireless communication enabled and has an operating system, a central processing unit, a memory, and memory instructions holding executable program instructions. The operating system, central processing unit, memory, and memory instructions are communicatively linked. Referring now to FIG. 2, in an exemplary embodiment of the invention, a method (20) is provided which is comprised of the steps of: detecting the advanced persistent threat (21) due to the presence of rogue software in the memory instructions; and locking down communications (22) between the network-connected device and other devices.

In another embodiment of the method (20), the network-connected device is provided with routines installed at a low level of the network-connected device. The routines are correlated to the memory instructions. The detecting step (21) comprises the step of authenticating the executable program instructions (27) of the network-connected device using the installed routines.

In a further embodiment of the present invention, the locking-down step (22) includes the step of allowing connections to the network-connected device that are hard-wired to the network-connected device (24).

In another embodiment of the present invention, the method (20) further comprises issuing an alert (23) by the network-connected device to indicate an advanced persistent threat has been detected. The issuing step (23) is accomplished by a visual indicator on the network-connected device or in the alternative, an audio alert issuing from the network-connected device.

In yet another exemplary embodiment of the invention, the method (20) further comprises the steps of performing diagnostics while the network-connected device is locked-down (25) and updating the memory instructions to restore the network-connected device to a pre-advanced persistent threat state (26).

The authenticating step (27) of FIG. 2 embraces several embodiments. In the method shown in FIG. 3, the routines of the network-connected device are computing checksum routines. Referring to FIG. 3, in an exemplary embodiment, the authenticating method (31) starts. The authenticating step is comprised of the steps of generating checksums for the memory instructions (32), and comparing the checksum block routines to the checksums for the memory instructions (34).

In another exemplary embodiment, the generating step (32) is comprised of the step of installing checksum block routines in the operating system (33 b) when the operating system is installed. The installed checksum block routines correlate to the checksums in the memory instructions.

In another exemplary embodiment, the generating step (32) is comprised of the step of installing checksum block routines in the operating system (33 a) before the operating system is deployed for the first time.

In yet another exemplary embodiment, the authenticating method (31) further comprises protecting the checksum block routines from unauthorized changes (35).

In another exemplary embodiment, the protecting step (35) can be accomplished with a public key/private key cryptography. The public and private key pair comprises two uniquely related cryptographic keys. The key pair is mathematically related. Whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa. In relation to the present invention, changes made to the checksum block routines can only be made using the public and private key pair. Only a party responsible for the network-connected device (6) would have access to the private key.

In yet another exemplary embodiment, the protecting step (35) is accomplished by a two-factor authentication. The two-factor authentication requires that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions and the checksums can be made.

In another embodiment of the authenticating step (27) of FIG. 2, refer to FIG. 4. In an exemplary embodiment, the authenticating method starts (41) and is comprised of the step: looking for unauthorized instructions in the executable program instructions (42).

In another exemplary embodiment, the looking step (42) is conducted periodically.

In yet another exemplary embodiment, the looking step (42) is conducted before the executable program instructions in the memory instructions are executed in the network-connected device for the first time.

In yet another exemplary embodiment, if during the looking step (42) unauthenticated instructions are found in memory instructions, the method further comprises locking down communications (43). If no unauthenticated instructions are found, then the method further comprises: executing the program instructions (44).
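The flow of FIGS. 2 through 4 can be sketched as follows. This is an added illustration, not code from the disclosure: the block size, key, sample image and all function and class names are assumptions, SHA-256 digests stand in for the checksums, and an HMAC tag stands in for the public key/private key protection of the checksum data because the Python standard library has no asymmetric signatures.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field

BLOCK_SIZE = 64                    # assumed; the text gives no block size
KEY = b"constructed-demo-key"      # constructed sample key
CLEAN_IMAGE = bytes(range(256))    # constructed 256-byte "program", 4 blocks


def block_digests(image: bytes) -> list[str]:
    """SHA-256 of each fixed-size block of the program image."""
    return [hashlib.sha256(image[o:o + BLOCK_SIZE]).hexdigest()
            for o in range(0, len(image), BLOCK_SIZE)]


def _tag(digests: list[str], key: bytes) -> str:
    return hmac.new(key, ",".join(digests).encode(), hashlib.sha256).hexdigest()


def seal_manifest(image: bytes, key: bytes) -> dict:
    """Pre-deployment: record per-block digests and tag them against edits."""
    digests = block_digests(image)
    return {"digests": digests, "tag": _tag(digests, key)}


def manifest_is_intact(manifest: dict, key: bytes) -> bool:
    return hmac.compare_digest(_tag(manifest["digests"], key), manifest["tag"])


def find_bad_blocks(image: bytes, manifest: dict) -> list[int]:
    """Indexes of blocks that were changed, appended or truncated."""
    actual, expected = block_digests(image), manifest["digests"]
    bad = [i for i, (a, e) in enumerate(zip(actual, expected)) if a != e]
    lo, hi = sorted((len(actual), len(expected)))
    return bad + list(range(lo, hi))


@dataclass
class Device:
    image: bytes
    manifest: dict
    key: bytes
    wireless_enabled: bool = True
    wired_enabled: bool = True
    locked_down: bool = False
    events: list = field(default_factory=list)

    def authenticate(self) -> bool:
        """Run before first execution and again periodically."""
        if not manifest_is_intact(self.manifest, self.key):
            self._lock_down("manifest altered", [])
            return False
        bad = find_bad_blocks(self.image, self.manifest)
        if bad:
            self._lock_down("program blocks altered", bad)
            return False
        return True

    def _lock_down(self, reason: str, bad_blocks: list[int]) -> None:
        self.events.append(("alert", reason))   # alert is issued first
        self.wireless_enabled = False           # hard-wired link stays up
        self.locked_down = True
        # Diagnostics: byte offsets of the blocks that failed the comparison.
        self.events.append(("diagnostics", [i * BLOCK_SIZE for i in bad_blocks]))

    def execute(self) -> str:
        return "executed" if self.authenticate() else "refused"

    def restore(self, golden: bytes) -> bool:
        """Update routine: accept only an image that matches the manifest."""
        if not manifest_is_intact(self.manifest, self.key):
            return False
        if find_bad_blocks(golden, self.manifest):
            return False
        self.image = golden
        # Assumption: wireless stays off until the responsible party clears it.
        return True


def demo() -> dict:
    manifest = seal_manifest(CLEAN_IMAGE, KEY)
    tampered = bytearray(CLEAN_IMAGE)
    tampered[130] ^= 0xFF                       # one byte changed in block 2
    dev = Device(bytes(tampered), manifest, KEY)
    result = dev.execute()
    return {"result": result, "events": dev.events,
            "wireless": dev.wireless_enabled, "wired": dev.wired_enabled}


if __name__ == "__main__":
    print(demo())
```

A symmetric key stored on the device can be read by anyone who controls the device, so a deployment following the public key embodiment would keep only a verification key on the device and the signing key with the responsible party.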

The following represent exemplary embodiments in accordance with the present disclosure.

Exemplary Embodiment 1

A method of protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, comprising the steps of:

detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device; and

locking-down the communications of the network-connected device.

Exemplary Embodiment 2

The method of Exemplary Embodiment 1, wherein the network-connected device is provided with routines installed at a low level of the network-connected device, the routines being correlated to the memory instructions; and wherein the detecting step comprises:

authenticating the executable program instructions of the network-connected device using the installed routines.

Exemplary Embodiment 3

The method of Exemplary Embodiment 2, wherein the routines are computing checksum blocks routines; and the authenticating step comprises: generating checksums for the memory instructions before the network-connected device is deployed for the first time; and comparing the checksum block routines to the checksums for the memory instructions.

Exemplary Embodiment 4

The method of Exemplary Embodiment 3, wherein the generating step is accomplished when the memory instructions are loaded into the memory.

Exemplary Embodiment 5

The method of Exemplary Embodiment 3, wherein the generating step is accomplished prior to executing the instructions for the first time.

Exemplary Embodiment 6

The method of Exemplary Embodiment 3, wherein the low level of the network-connected device is part of the operating system.

Exemplary Embodiment 7

The method of Exemplary Embodiment 3, wherein the locking-down step is initiated if the checksums for the memory instructions are not authenticated by the checksum block routines in the comparing step.

Exemplary Embodiment 8

The method of Exemplary Embodiment 6, further comprising the step of installing the checksum block routines when the operating system is installed.

Exemplary Embodiment 9

The method of Exemplary Embodiment 6, further comprising the step of installing the checksum block routines into the operating system before the network-connected device is deployed for the first time.

Exemplary Embodiment 10

The method of Exemplary Embodiment 3, further comprising the step of: protecting the checksum block routines from unauthorized changes.

Exemplary Embodiment 11

The method of Exemplary Embodiment 10, wherein the protecting step is accomplished by a public key and private key cryptography.

Exemplary Embodiment 12

The method of Exemplary Embodiment 10, wherein the protecting step is accomplished by a two-factor authentication, the two-factor authentication requiring that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions or the checksums can be made.

Exemplary Embodiment 13

The method of Exemplary Embodiment 2, wherein the authenticating step comprises: looking for unauthorized instructions in the executable program instructions.

Exemplary Embodiment 14

The method of Exemplary Embodiment 13, wherein the looking step is conducted before the executable program instructions in the memory instructions are executed in the network-connected device for the first time.

Exemplary Embodiment 15

The method of Exemplary Embodiment 13, wherein the looking step is conducted periodically.

Exemplary Embodiment 16

The method of Exemplary Embodiment 13, wherein the locking-down step is initiated if unauthenticated instructions in the memory instructions are found in the looking step.

Exemplary Embodiment 17

The method of Exemplary Embodiment 14, wherein the locking-down step is initiated if unauthenticated instructions in the memory instructions are found in the looking step.

Exemplary Embodiment 18

The method of Exemplary Embodiment 3, wherein the comparing step is conducted before memory instructions are run in the network-connected device for the first time.

Exemplary Embodiment 19

The method of Exemplary Embodiment 3, wherein the comparing step is conducted periodically.

Exemplary Embodiment 20

The method of Exemplary Embodiment 1, wherein the locking-down step includes allowing connections to the network-connected device that are hard-wired to the network-connected device.

Exemplary Embodiment 21

The method of Exemplary Embodiment 1, further comprising: performing diagnostics while the network-connected device is locked down, whereby details about the advanced persistent threat are identified.

Exemplary Embodiment 22

The method of Exemplary Embodiment 1, further comprising: updating the memory instructions to restore the network-connected device to a pre-advanced persistent threat cyber-attack state.

Exemplary Embodiment 23

The method of Exemplary Embodiment 1, further comprising: issuing an alert by the network-connected device to indicate an advanced persistent threat has been detected.

Exemplary Embodiment 24

The method of Exemplary Embodiment 23, wherein the issuing step is accomplished prior to the locking down step.

Exemplary Embodiment 25

The method of Exemplary Embodiment 23, wherein the issuing step is accomplished by a visual indicator on the network-connected device.

Exemplary Embodiment 26

The method of Exemplary Embodiment 23, wherein the issuing step is accomplished by an audio indicator on the network-connected device.

Exemplary Embodiment 27

A system for protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device being wireless communication enabled and having an operating system, a central processing unit, a memory, executable program instructions loaded into the memory; the operating system, central processing unit, memory and executable program instructions being communicatively linked; the system comprising:

routines installed in a low-level of the network-connected device, the routines being correlated to the executable program instructions before the network-connected device is deployed for the first time;

the central processing unit being configured to allow the routines to authenticate the executable program instructions before the central processing unit executes the program instructions;

the routines being configured to lock-down communications between the network-connected device and other devices if the routine finds instructions in the memory which do not correlate to the executable program instructions in the memory.

Exemplary Embodiment 28

The system of Exemplary Embodiment 27, further comprising: checksums generated for the executable programs in the memory, and wherein the routines are computing checksum block routines, the checksum block routines being configured to authenticate the checksums in the executable programs.

Exemplary Embodiment 29

The system of Exemplary Embodiment 27, wherein the central processing unit is configured to allow the routines to authenticate all the executable program instructions in the memory before the central processing unit executes the program instructions.

Exemplary Embodiment 30

The system of Exemplary Embodiment 28, further comprising a security scheme to protect the checksum block routines.

Exemplary Embodiment 31

The system of Exemplary Embodiment 30, wherein the security scheme is a public key and private key cryptography.

Exemplary Embodiment 32

The system of Exemplary Embodiment 30, wherein the security scheme is a two-factor scheme, the two-factor authentication requiring that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions or the checksums can be made.

Exemplary Embodiment 33

The system of Exemplary Embodiment 27, further comprising diagnostic routines configured to run on the network-connected device when in communications lock-down, the diagnostic routines being configured to identify details of the advanced persistent threat cyber-attack.

Exemplary Embodiment 34

The system of Exemplary Embodiment 27, further comprising updating routines configured to run on the network-connected device when in communications lock-down, the updating routines being configured to update the executable program instructions to a pre-advanced persistent threat cyber-attack state.

Exemplary Embodiment 35

The system of Exemplary Embodiment 27, comprising an alert indicator, the alert indicator being communicatively linked to the routines, the alert indicator being initialized when the routines lock-down the network-connected device.

Exemplary Embodiment 36

The system of Exemplary Embodiment 35, wherein the alert indicator is selected from an audio alarm and a visual indicator.

To supplement the present disclosure, this application incorporates entirely by reference the following commonly assigned patents, patent application publications, and patent applications:

Patent Application Publication No. 2013/0342717; -   U.S. Patent Application Publication No. 2014/0001267; -   U.S. Patent Application Publication No. 2014/0002828; -   U.S. Patent Application Publication No. 2014/0008430; -   U.S. Patent Application Publication No. 2014/0008439; -   U.S. Patent Application Publication No. 2014/0025584; -   U.S. Patent Application Publication No. 2014/0027518; -   U.S. Patent Application Publication No. 2014/0034734; -   U.S. Patent Application Publication No. 2014/0036848; -   U.S. Patent Application Publication No. 2014/0039693; -   U.S. Patent Application Publication No. 2014/0042814; -   U.S. Patent Application Publication No. 2014/0049120; -   U.S. Patent Application Publication No. 2014/0049635; -   U.S. Patent Application Publication No. 2014/0061305; -   U.S. Patent Application Publication No. 2014/0061306; -   U.S. Patent Application Publication No. 2014/0063289; -   U.S. Patent Application Publication No. 2014/0066136; -   U.S. Patent Application Publication No. 2014/0067692; -   U.S. Patent Application Publication No. 2014/0070005; -   U.S. Patent Application Publication No. 2014/0071840; -   U.S. Patent Application Publication No. 2014/0074746; -   U.S. Patent Application Publication No. 2014/0075846; -   U.S. Patent Application Publication No. 2014/0076974; -   U.S. Patent Application Publication No. 2014/0078341; -   U.S. Patent Application Publication No. 2014/0078342; -   U.S. Patent Application Publication No. 2014/0078345; -   U.S. Patent Application Publication No. 2014/0084068; -   U.S. Patent Application Publication No. 2014/0097249; -   U.S. Patent Application Publication No. 2014/0098792; -   U.S. Patent Application Publication No. 2014/0100774; -   U.S. Patent Application Publication No. 2014/0100813; -   U.S. Patent Application Publication No. 2014/0103115; -   U.S. Patent Application Publication No. 2014/0104413; -   U.S. Patent Application Publication No. 2014/0104414; -   U.S. 
Patent Application Publication No. 2014/0104416; -   U.S. Patent Application Publication No. 2014/0104451; -   U.S. Patent Application Publication No. 2014/0106594; -   U.S. Patent Application Publication No. 2014/0106725; -   U.S. Patent Application Publication No. 2014/0108010; -   U.S. Patent Application Publication No. 2014/0108402; -   U.S. Patent Application Publication No. 2014/0108682; -   U.S. Patent Application Publication No. 2014/0110485; -   U.S. Patent Application Publication No. 2014/0114530; -   U.S. Patent Application Publication No. 2014/0124577; -   U.S. Patent Application Publication No. 2014/0124579; -   U.S. Patent Application Publication No. 2014/0125842; -   U.S. Patent Application Publication No. 2014/0125853; -   U.S. Patent Application Publication No. 2014/0125999; -   U.S. Patent Application Publication No. 2014/0129378; -   U.S. Patent Application Publication No. 2014/0131438; -   U.S. Patent Application Publication No. 2014/0131441; -   U.S. Patent Application Publication No. 2014/0131443; -   U.S. Patent Application Publication No. 2014/0131444; -   U.S. Patent Application Publication No. 2014/0131445; -   U.S. Patent Application Publication No. 2014/0131448; -   U.S. Patent Application Publication No. 2014/0133379; -   U.S. Patent Application Publication No. 2014/0136208; -   U.S. Patent Application Publication No. 2014/0140585; -   U.S. Patent Application Publication No. 2014/0151453; -   U.S. Patent Application Publication No. 2014/0152882; -   U.S. Patent Application Publication No. 2014/0158770; -   U.S. Patent Application Publication No. 2014/0159869; -   U.S. Patent Application Publication No. 2014/0160329; -   U.S. Patent Application Publication No. 2014/0166755; -   U.S. Patent Application Publication No. 2014/0166757; -   U.S. Patent Application Publication No. 2014/0166759; -   U.S. Patent Application Publication No. 2014/0166760; -   U.S. Patent Application Publication No. 2014/0166761; -   U.S. 
Patent Application Publication No. 2014/0168787; -   U.S. Patent Application Publication No. 2014/0175165; -   U.S. Patent Application Publication No. 2014/0175169; -   U.S. Patent Application Publication No. 2014/0175172; -   U.S. Patent Application Publication No. 2014/0175174; -   U.S. Patent Application Publication No. 2014/0191644; -   U.S. Patent Application Publication No. 2014/0191913; -   U.S. Patent Application Publication No. 2014/0197238; -   U.S. Patent Application Publication No. 2014/0197239; -   U.S. Patent Application Publication No. 2014/0197304; -   U.S. Patent Application Publication No. 2014/0203087; -   U.S. Patent Application Publication No. 2014/0204268; -   U.S. Patent Application Publication No. 2014/0214631; -   U.S. Patent Application Publication No. 2014/0217166; -   U.S. Patent Application Publication No. 2014/0217180; -   U.S. patent application Ser. No. 13/367,978 for a Laser Scanning     Module Employing an Elastomeric U-Hinge Based Laser Scanning     Assembly, filed Feb. 7, 2012 (Feng et al.); -   U.S. patent application Ser. No. 29/436,337 for an Electronic     Device, filed Nov. 5, 2012 (Fitch et al.); -   U.S. patent application Ser. No. 13/771,508 for an Optical     Redirection Adapter, filed Feb. 20, 2013 (Anderson); -   U.S. patent application Ser. No. 13/852,097 for a System and Method     for Capturing and Preserving Vehicle Event Data, filed Mar. 28, 2013     (Barker et al.); -   U.S. patent application Ser. No. 13/902,110 for a System and Method     for Display of Information Using a Vehicle-Mount Computer, filed May     24, 2013 (Hollifield); -   U.S. patent application Ser. No. 13/902,144, for a System and Method     for Display of Information Using a Vehicle-Mount Computer, filed May     24, 2013 (Chamberlin); -   U.S. patent application Ser. No. 13/902,242 for a System For     Providing A Continuous Communication Link With A Symbol Reading     Device, filed May 24, 2013 (Smith et al.); -   U.S. patent application Ser. 
No. 13/912,262 for a Method of Error     Correction for 3D Imaging Device, filed Jun. 7, 2013 (Jovanovski et     al.); -   U.S. patent application Ser. No. 13/912,702 for a System and Method     for Reading Code Symbols at Long Range Using Source Power Control,     filed Jun. 7, 2013 (Xian et al.); -   U.S. patent application Ser. No. 29/458,405 for an Electronic     Device, filed Jun. 19, 2013 (Fitch et al.); -   U.S. patent application Ser. No. 13/922,339 for a System and Method     for Reading Code Symbols Using a Variable Field of View, filed Jun.     20, 2013 (Xian et al.); -   U.S. patent application Ser. No. 13/927,398 for a Code Symbol     Reading System Having Adaptive Autofocus, filed Jun. 26, 2013     (Todeschini); -   U.S. patent application Ser. No. 13/930,913 for a Mobile Device     Having an Improved User Interface for Reading Code Symbols, filed     Jun. 28, 2013 (Gelay et al.); -   U.S. patent application Ser. No. 29/459,620 for an Electronic Device     Enclosure, filed Jul. 2, 2013 (London et al.); -   U.S. patent application Ser. No. 29/459,681 for an Electronic Device     Enclosure, filed Jul. 2, 2013 (Chaney et al.); -   U.S. patent application Ser. No. 13/933,415 for an Electronic Device     Case, filed Jul. 2, 2013 (London et al.); -   U.S. patent application Ser. No. 29/459,785 for a Scanner and     Charging Base, filed Jul. 3, 2013 (Fitch et al.); -   U.S. patent application Ser. No. 29/459,823 for a Scanner, filed     Jul. 3, 2013 (Zhou et al.); -   U.S. patent application Ser. No. 13/947,296 for a System and Method     for Selectively Reading Code Symbols, filed Jul. 22, 2013     (Rueblinger et al.); -   U.S. patent application Ser. No. 13/950,544 for a Code Symbol     Reading System Having Adjustable Object Detection, filed Jul. 25,     2013 (Jiang); -   U.S. patent application Ser. No. 13/961,408 for a Method for     Manufacturing Laser Scanners, filed Aug. 7, 2013 (Saber et al.); -   U.S. patent application Ser. No. 
14/018,729 for a Method for     Operating a Laser Scanner, filed Sep. 5, 2013 (Feng et al.); -   U.S. patent application Ser. No. 14/019,616 for a Device Having     Light Source to Reduce Surface Pathogens, filed Sep. 6, 2013     (Todeschini); -   U.S. patent application Ser. No. 14/023,762 for a Handheld Indicia     Reader Having Locking Endcap, filed Sep. 11, 2013 (Gannon); -   U.S. patent application Ser. No. 14/035,474 for Augmented-Reality     Signature Capture, filed Sep. 24, 2013 (Todeschini); -   U.S. patent application Ser. No. 29/468,118 for an Electronic Device     Case, filed Sep. 26, 2013 (Oberpriller et al.); -   U.S. patent application Ser. No. 14/055,234 for Dimensioning System,     filed Oct. 16, 2013 (Fletcher); -   U.S. patent application Ser. No. 14/053,314 for Indicia Reader,     filed Oct. 14, 2013 (Huck); -   U.S. patent application Ser. No. 14/065,768 for Hybrid System and     Method for Reading Indicia, filed Oct. 29, 2013 (Meier et al.); -   U.S. patent application Ser. No. 14/074,746 for Self-Checkout     Shopping System, filed Nov. 8, 2013 (Hejl et al.); -   U.S. patent application Ser. No. 14/074,787 for Method and System     for Configuring Mobile Devices via NFC Technology, filed Nov. 8,     2013 (Smith et al.); -   U.S. patent application Ser. No. 14/087,190 for Optimal Range     Indicators for Bar Code Validation, filed Nov. 22, 2013 (Hejl); -   U.S. patent application Ser. No. 14/094,087 for Method and System     for Communicating Information in an Digital Signal, filed Dec. 2,     2013 (Peake et al.); -   U.S. patent application Ser. No. 14/101,965 for High Dynamic-Range     Indicia Reading System, filed Dec. 10, 2013 (Xian); -   U.S. patent application Ser. No. 14/150,393 for Indicia-reader     Having Unitary Construction Scanner, filed Jan. 8, 2014 (Colavito et     al.); -   U.S. patent application Ser. No. 14/154,207 for Laser Barcode     Scanner, filed Jan. 14, 2014 (Hou et al.); -   U.S. patent application Ser. No. 
14/165,980 for System and Method     for Measuring Irregular Objects with a Single Camera filed Jan. 28,     2014 (Li et al.); -   U.S. patent application Ser. No. 14/166,103 for Indicia Reading     Terminal Including Optical Filter filed Jan. 28, 2014 (Lu et al.); -   U.S. patent application Ser. No. 14/200,405 for Indicia Reader for     Size-Limited Applications filed Mar. 7, 2014 (Feng et al.); -   U.S. patent application Ser. No. 14/231,898 for Hand-Mounted     Indicia-Reading Device with Finger Motion Triggering filed Apr. 1,     2014 (Van Horn et al.); -   U.S. patent application Ser. No. 14/250,923 for Reading Apparatus     Having Partial Frame Operating Mode filed Apr. 11, 2014, (Deng et     al.); -   U.S. patent application Ser. No. 14/257,174 for Imaging Terminal     Having Data Compression filed Apr. 21, 2014, (Barber et al.); -   U.S. patent application Ser. No. 14/257,364 for Docking System and     Method Using Near Field Communication filed Apr. 21, 2014     (Showering); -   U.S. patent application Ser. No. 14/264,173 for Autofocus Lens     System for Indicia Readers filed Apr. 29, 2014 (Ackley et al.); -   U.S. patent application Ser. No. 14/274,858 for Mobile Printer with     Optional Battery Accessory filed May 12, 2014 (Marty et al.); -   U.S. patent application Ser. No. 14/277,337 for MULTIPURPOSE OPTICAL     READER, filed May 14, 2014 (Jovanovski et al.); -   U.S. patent application Ser. No. 14/283,282 for TERMINAL HAVING     ILLUMINATION AND FOCUS CONTROL filed May 21, 2014 (Liu et al.); -   U.S. patent application Ser. No. 14/300,276 for METHOD AND SYSTEM     FOR CONSIDERING INFORMATION ABOUT AN EXPECTED RESPONSE WHEN     PERFORMING SPEECH RECOGNITION, filed Jun. 10, 2014 (Braho et al.); -   U.S. patent application Ser. No. 14/305,153 for INDICIA READING     SYSTEM EMPLOYING DIGITAL GAIN CONTROL filed Jun. 16, 2014 (Xian et     al.); -   U.S. patent application Ser. No. 14/310,226 for AUTOFOCUSING OPTICAL     IMAGING DEVICE filed Jun. 
20, 2014 (Koziol et al.); -   U.S. patent application Ser. No. 14/327,722 for CUSTOMER FACING     IMAGING SYSTEMS AND METHODS FOR OBTAINING IMAGES filed Jul. 10, 2014     (Oberpriller et al,); -   U.S. patent application Ser. No. 14/327,827 for a MOBILE-PHONE     ADAPTER FOR ELECTRONIC TRANSACTIONS, filed Jul. 10, 2014 (Hejl); -   U.S. patent application Ser. No. 14/329,303 for CELL PHONE READING     MODE USING IMAGE TIMER filed Jul. 11, 2014 (Coyle); -   U.S. patent application Ser. No. 14/333,588 for SYMBOL READING     SYSTEM WITH INTEGRATED SCALE BASE filed Jul. 17, 2014 (Barten); -   U.S. patent application Ser. No. 14/334,934 for a SYSTEM AND METHOD     FOR INDICIA VERIFICATION, filed Jul. 18, 2014 (Hejl); -   U.S. patent application Ser. No. 14/336,188 for METHOD OF AND SYSTEM     FOR DETECTING OBJECT WEIGHING INTERFERENCES, Filed Jul. 21, 2014     (Amundsen et al.); -   U.S. patent application Ser. No. 14/339,708 for LASER SCANNING CODE     SYMBOL READING SYSTEM, filed Jul. 24, 2014 (Xian et al.); -   U.S. patent application Ser. No. 14/340,627 for an AXIALLY     REINFORCED FLEXIBLE SCAN ELEMENT, filed Jul. 25, 2014 (Rueblinger et     al.); -   U.S. patent application Ser. No. 14/340,716 for an OPTICAL IMAGER     AND METHOD FOR CORRELATING A MEDICATION PACKAGE WITH A PATIENT,     filed Jul. 25, 2014 (Ellis); -   U.S. patent application Ser. No. 14/342,544 for Imaging Based     Barcode Scanner Engine with Multiple Elements Supported on a Common     Printed Circuit Board filed Mar. 4, 2014 (Liu et al.); -   U.S. patent application Ser. No. 14/345,735 for Optical Indicia     Reading Terminal with Combined Illumination filed Mar. 19, 2014     (Ouyang); -   U.S. patent application Ser. No. 14/336,188 for METHOD OF AND SYSTEM     FOR DETECTING OBJECT WEIGHING INTERFERENCES, Filed Jul. 21, 2014     (Amundsen et al.); -   U.S. patent application Ser. No. 
14/355,613 for Optical Indicia     Reading Terminal with Color Image Sensor filed May 1, 2014 (Lu et     al.); -   U.S. patent application Ser. No. 14/370,237 for WEB-BASED SCAN-TASK     ENABLED SYSTEM AND METHOD OF AND APPARATUS FOR DEVELOPING AND     DEPLOYING THE SAME ON A CLIENT-SERVER NETWORK filed Jul. 2, 2014     (Chen et al.); -   U.S. patent application Ser. No. 14/370,267 for INDUSTRIAL DESIGN     FOR CONSUMER DEVICE BASED SCANNING AND MOBILITY, filed Jul. 2, 2014     (Ma et al.); -   U.S. patent application Ser. No. 14/376,472, for an ENCODED     INFORMATION READING TERMINAL INCLUDING HTTP SERVER, filed Aug. 4,     2014 (Lu); -   U.S. patent application Ser. No. 14/379,057 for METHOD OF USING     CAMERA SENSOR INTERFACE TO TRANSFER MULTIPLE CHANNELS OF SCAN DATA     USING AN IMAGE FORMAT filed Aug. 15, 2014 (Wang et al.); -   U.S. patent application Ser. No. 14/452,697 for INTERACTIVE INDICIA     READER, filed Aug. 6, 2014 (Todeschini); -   U.S. patent application Ser. No. 14/453,019 for DIMENSIONING SYSTEM     WITH GUIDED ALIGNMENT, filed Aug. 6, 2014 (Li et al.); -   U.S. patent application Ser. No. 14/460,387 for APPARATUS FOR     DISPLAYING BAR CODES FROM LIGHT EMITTING DISPLAY SURFACES filed Aug.     15, 2014 (Van Horn et al.); -   U.S. patent application Ser. No. 14/460,829 for ENCODED INFORMATION     READING TERMINAL WITH WIRELESS PATH SELECTION CAPABILITY, filed Aug.     15, 2014 (Wang et al.); -   U.S. patent application Ser. No. 14/462,801 for MOBILE COMPUTING     DEVICE WITH DATA COGNITION SOFTWARE, filed on Aug. 19, 2014     (Todeschini et al.); -   U.S. patent application Ser. No. 14/446,387 for INDICIA READING     TERMINAL PROCESSING PLURALITY OF FRAMES OF IMAGE DATA RESPONSIVELY     TO TRIGGER SIGNAL ACTIVATION filed Jul. 30, 2014 (Wang et al.); -   U.S. patent application Ser. No. 14/446,391 for MULTIFUNCTION POINT     OF SALE APPARATUS WITH OPTICAL SIGNATURE CAPTURE filed Jul. 30, 2014     (Good et al.); -   U.S. patent application Ser. 
No. 29/486,759 for an Imaging Terminal,     filed Apr. 2, 2014 (Oberpriller et al.); -   U.S. patent application Ser. No. 29/492,903 for an INDICIA SCANNER,     filed Jun. 4, 2014 (Zhou et al.); and -   U.S. patent application Ser. No. 29/494,725 for an IN-COUNTER     BARCODE SCANNER, filed Jun. 24, 2014 (Oberpriller et al.).

In the specification and/or figures, typical embodiments of the invention have been disclosed. The present invention is not limited to such exemplary embodiments. The use of the term “and/or” includes any and all combinations of one or more of the associated listed items. The figures are schematic representations and so are not necessarily drawn to scale. Unless otherwise noted, specific terms have been used in a generic and descriptive sense and not for purposes of limitation. 

The invention claimed is:
 1. A method of protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device having an operating system, a memory, memory instructions holding executable program instructions, and being communication enabled, comprising the steps of: authenticating the executable program instructions of the network-connected device using installed routines, the routine installed at a low level of the network device and being correlated to the memory instructions; detecting the advanced persistent threat due to the presence of rogue software in the memory instructions of the network-connected device by running the routines prior to the device running the executable program instructions; and locking-down the communications of the network-connected device when rogue software is detected.
 2. The method of claim 1, wherein the routines are computing checksum blocks routines; and the authenticating step comprises: generating checksums for the memory instructions before the network-connected device is deployed for the first time; and comparing the checksum block routines to the checksums for the memory instructions.
 3. The method of claim 2, wherein the generating step is accomplished when the memory instructions are loaded into the memory.
 4. The method of claim 2, wherein the generating step is accomplished prior to executing the instructions for the first time.
 5. The method of claim 2, wherein the low level of the network-connected device is part of the operating system.
 6. The method of claim 5, further comprising the step of installing the checksum block routines when the operating system is installed.
 7. The method of claim 5, further comprising the step of installing the checksum block routines into the operating system before the network-connected device is deployed for the first time.
 8. The method of claim 2, wherein the locking-down step is initiated if the checksums for the memory instructions are not authenticated by the checksum block routines in the comparing step.
 9. The method of claim 2, further comprising the step of: protecting the checksum block routines from unauthorized changes.
 10. A system for protecting a network-connected device from an advanced persistent threat cyber-attack, the network-connected device being wireless communication enabled and having an operating system, a central processing unit, a memory, executable program instructions loaded into the memory; the operating system, central processing unit, memory and executable program instructions being communicatively linked; the system comprising: routines installed in a low-level of the network-connected device, the routines being correlated to the executable program instructions before the network-connected device is deployed for the first time; the central processing unit being configured to allow the routines to authenticate the executable program instructions before the central processing unit executes the program instructions; the routines being configured to lock-down communications between the network-connected device and other devices if the routine finds instructions in the memory which do not correlate to the executable program instructions in the memory.
 11. The system of claim 10, further comprising: checksums generated for the executable programs in the memory, and wherein the routines are computing checksum block routines, the checksum block routines being configured to authenticate the checksums in the executable programs.
 12. The system of claim 11, further comprising a security scheme to protect the checksum block routines.
 13. The system of claim 12, wherein the security scheme is a public key and private key cryptography.
 14. The system of claim 12, wherein the security scheme is a two-factor scheme, the two-factor authentication requiring that a notification be sent to a party responsible for the network-connected device before any changes in the memory instructions or the checksums can be made.
 15. The system of claim 10, wherein the central processing unit is configured to allow the routines to authenticate all the executable program instructions in the memory before the central processing unit executes the program instructions.
 16. The system of claim 10, further comprising diagnostic routines configured to run on the network-connected device when in communications lock-down, the diagnostic routines being configured to identify details of the advanced persistent threat cyber-attack.
 17. The system of claim 10, further comprising updating routines configured to run on the network-connected device when in communications lock-down, the updating routines being configured to update the executable program instructions to a pre-advanced persistent threat cyber-attack state.
 18. The system of claim 10, further comprising an alert indicator, the alert indicator being communicatively linked to the routines, the alert indicator being initialized when the routines lock-down the network-connected device.
 19. The system of claim 18, wherein the alert indicator is selected from an audio alarm and a visual indicator. 
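
The check-then-lock-down flow of claims 1, 2, 8, 13 and 16, as an added example that is not code from the patent: reference digests are recorded before deployment, checked before the application runs, and any mismatch leaves communications disabled and reports the failing blocks. Assumptions: SHA-256 stands in for the unspecified checksum, an HMAC key stands in for the public key and private key scheme of claim 13, and the 64-byte block size, the sample image and all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # assumed block size; the claims do not specify one


def block_digests(image: bytes) -> list:
    """SHA-256 digest of every BLOCK_SIZE-byte block of the instruction image."""
    return [hashlib.sha256(image[i:i + BLOCK_SIZE]).hexdigest()
            for i in range(0, len(image), BLOCK_SIZE)]


def manifest_tag(length: int, digests: list, key: bytes) -> str:
    """Authenticate the reference values so they cannot be silently replaced."""
    body = (str(length) + ":" + ",".join(digests)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(image: bytes, key: bytes) -> dict:
    """Provisioning step: record reference digests before first deployment."""
    digests = block_digests(image)
    return {"length": len(image), "digests": digests,
            "tag": manifest_tag(len(image), digests, key)}


def verify_image(image: bytes, manifest: dict, key: bytes) -> dict:
    """Pre-execution check; reports which blocks, if any, fail to match."""
    expected = manifest_tag(manifest["length"], manifest["digests"], key)
    # Constant-time comparison: reject a manifest whose reference values
    # were rewritten to match a modified image.
    if not hmac.compare_digest(expected, manifest["tag"]):
        return {"ok": False, "reason": "manifest-auth", "bad_blocks": []}
    actual = block_digests(image)
    reference = manifest["digests"]
    # A block is bad if it differs, is missing, or was appended.
    bad = [i for i in range(max(len(actual), len(reference)))
           if i >= len(actual) or i >= len(reference)
           or actual[i] != reference[i]]
    if bad or len(image) != manifest["length"]:
        return {"ok": False, "reason": "image-mismatch", "bad_blocks": bad}
    return {"ok": True, "reason": "verified", "bad_blocks": []}


def boot(image: bytes, manifest: dict, key: bytes) -> dict:
    """Fail closed: communications stay off unless verification succeeds."""
    report = verify_image(image, manifest, key)
    return {"comms_enabled": report["ok"],
            "run_application": report["ok"],
            "diagnostic": report}


if __name__ == "__main__":
    key = b"constructed-device-key"         # constructed sample key
    golden = bytes(range(256)) * 2          # constructed 512-byte "firmware"
    manifest = build_manifest(golden, key)

    modified = bytearray(golden)
    modified[200] ^= 0xFF                   # one changed byte, in block 3
    for name, image in (("golden", golden), ("modified", bytes(modified))):
        state = boot(image, manifest, key)
        print(name, "comms_enabled =", state["comms_enabled"],
              "bad_blocks =", state["diagnostic"]["bad_blocks"])
```

With an asymmetric signature in place of the HMAC, the device would hold only a verification key, so reading the device's storage would not be enough to produce a new valid manifest.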